<?php

extract($_POST);


if(isset($username)){
	require("./dbconnect.inc.php");

	// Process
	mysql_connect($host,$dbuser,$dbpassword);
	@mysql_select_db($database) or die( "Unable to select database");

	// Grab data
	$usergrab=sprintf("SELECT * FROM users WHERE username='%s'", mysql_real_escape_string($username));

	$userresult=mysql_query($usergrab);
	$numuser=mysql_numrows($userresult);

	$j=0;
	while($j < $numuser){
	$dbpassword=mysql_result($userresult,$j,"password");
	$j++;
	}

	/* Hash the password */
	$password = MD5($password);
	
	if($password != $dbpassword){
		echo"<p><span style=\"color:red;\">Invalid Username or Password!</span></p>";
		exit();
	}
		
	// Grab user data
	$datagrab=sprintf("SELECT * FROM filedata WHERE username='%s'", mysql_real_escape_string($username));


	$dataresult=mysql_query($datagrab);
	$numdata=mysql_numrows($dataresult);
	
	if($numdata ==0){
		echo"<p><span style=\"color:red;\">You do not have the necessary security clearance to view any files.</span></p>";
		exit();
	}

// First half of form
	?>
	<html>
		<head>
			<title>Enter New User</title>
		</head>

		<body>

			<h1>Log in</h1>

			<p>Please select a file:</p>
				<form method="post" name="titlelist" action="retrievedata.php">
					<input type="hidden" name="username" value="<?php echo $username; ?>">
					<input type="hidden" name="password" value="<?php echo $password; ?>">
				<select name="title">

	<?php
	// Build out title list:
	$j=0;
	while($j < $numdata){
	$title=mysql_result($dataresult,$j,"title");
	echo "<option value=\"$title\">$title<br>";
	$j++;
	}
	
	// Second half of form
	?>
	
						<input type="Submit" name="action" value="Submit">
				</form>

		</body>

	</html>
	
	<?php
	
	
	}
else{
	echo "
	<html>
		<head>
			<title>Enter New User</title>
		</head>

		<body>

			<h1>Log in</h1>

			<p>Please enter your username and password.</p>
				<form method=\"post\" name=\"userlogin\" action=\"grabentry.php\">

					<br />Username: <input type=\"text\" name=\"username\" value=\"\">

					<br />Password: <input type=\"password\" name=\"password\" value=\"\">
	
					<input type=\"Submit\" name=\"action\" value=\"Submit\">
				</form>

		</body>

	</html>";
}


?>